cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-1178,https://securityvulnerability.io/vulnerability/CVE-2024-1178,Unauthorized Modification of Data in SportsPress Plugin Due to Missing Capability Check,"The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs",Wordpress,Sportspress – Sports Club & League Manager,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-05T01:55:47.179Z,0
CVE-2021-24578,https://securityvulnerability.io/vulnerability/CVE-2021-24578,SportsPress < 2.7.9 - Reflected Cross-Site Scripting,"The SportsPress WordPress plugin before 2.7.9 does not sanitise and escape its match_day parameter before outputting back in the Events backend page, leading to a Reflected Cross-Site Scripting issue",Wordpress,Sportspress – Sports Club & League Manager,6.1,MEDIUM,0.0007999999797903001,false,,false,false,false,,false,false,2021-12-21T08:45:25.000Z,0